Microsoft’s April 2026 cumulative update for Windows 11 has triggered a critical failure in third-party backup solutions, prompting cybersecurity watchdog AskWoody to raise its MS-DEFCON alert level to 3, a signal that users should proceed with caution before or after applying the patch.
Released on April 14, 2026, KB5083769 is Microsoft’s April cumulative security update targeting Windows 11 versions 24H2 and 25H2, bringing devices to OS Builds 26100.8246 and 26200.8246, respectively.
The update was originally recommended as part of Microsoft’s standard Patch Tuesday release cycle, which in April 2026 addressed 165 security issues across Windows, Azure, SQL Server, and other products, including 8 critical vulnerabilities and one actively exploited flaw.
However, shortly after deployment, widespread reports began surfacing that KB5083769 was silently breaking backup software across enterprise and home environments alike.
Microsoft April Update KB5083769
The root cause of the issue lies in Microsoft’s Volume Shadow Copy Service (VSS), a foundational Windows component introduced with Windows Server 2003 that enables consistent, point-in-time snapshots of data during backup operations. After installing KB5083769, affected systems produce errors such as:
“The backup has failed because Microsoft VSS has timed out during the snapshot creation.”
Acronis confirmed that the update “may introduce system-wide issues that affect Microsoft VSS operations, leading to backup failures” and that affected machines may also lose connectivity with the cloud console, appearing completely offline to administrators.
Independent analysis from BornCity also revealed that the April 2026 update blocks certain kernel drivers relied upon by VSS-dependent applications, causing COM+ catalog corruption on affected systems.
Affected Backup Solutions
The VSS disruption is not isolated to a single vendor. Confirmed impacted products include:
- Acronis Cyber Protect Cloud – backup jobs fail with VSS timeout errors; systems may appear offline in the cloud console
- Macrium Reflect – VSS snapshot creation fails; backups cannot be mounted or completed
- NinjaOne Backup – silent job failures on patched endpoints with no user-facing warning
- UrBackup Server – clients become stuck during indexing, with file backups stopping entirely on Windows 11 machines
Notably, some UrBackup users identified a specific correlation with BitLocker-enabled systems, as KB5083769 also contains Secure Boot updates for BitLocker.
Microsoft has separately acknowledged that the update can trigger an unexpected BitLocker recovery prompt on devices with certain enterprise-oriented Group Policy configurations.
Understanding which workloads are at risk is critical for triage. VSS is used by a wide range of backup and restore workflows, including Windows Server Backup, System Center Data Protection Manager, System Restore, and most enterprise-grade third-party backup tools. However, two important exceptions apply:
- Windows 11’s cloud-based Backup feature does NOT use VSS; users relying solely on cloud backup are not affected
- Point-in-Time Restore (PITR), Microsoft’s upcoming VSS-based recovery feature announced at Microsoft Ignite in November 2025, is not yet in general availability and therefore poses no additional risk for most users.
PITR, currently in Windows Insider and Dev builds via KB5070307, allows rolling back a Windows 11 system to an earlier, healthy snapshot within minutes. Still, its broader rollout has not yet reached standard release channels.
Step-by-Step Remediation Guide
If your backup software is failing after applying KB5083769, here is the recommended mitigation process:
- Open Settings → Windows Update → Update History
- Scroll to the bottom and locate Related settings
- Click Uninstall updates
- Find Security Update for Microsoft Windows (KB5083769)
- Click the Uninstall link on the right
- Reboot the system
- Return to Windows Update and Pause updates to prevent automatic reinstallation
⚠️ Important: Uninstalling a security update temporarily increases exposure to patched vulnerabilities. Only uninstall if actively impacted, and monitor your vendor’s advisory page for a fixed update before re-enabling Windows Update.
Vendor Response Status
All major impacted vendors have acknowledged the issue through official channels:
- Acronis has published a formal support note recommending uninstalling KB5083769 and rebooting while the company investigates a permanent fix
- Macrium has confirmed the problem via its community forums, with user reports confirming that uninstalling the update fully restores backup functionality.
- UrBackup recommends uninstalling the update and is tracking the issue in its official community forum thread.
- NinjaOne has documented the issue in its KB catalog, noting silent backup job failures as the primary symptom.
Microsoft has not yet issued an official acknowledgment of the VSS-specific backup failure. However, the company’s support page for KB5083769 has been updated multiple times since April 14 to address ancillary issues, including BitLocker recovery prompts and Remote Desktop display warnings.
This situation creates a genuine dilemma for system administrators: the April 2026 Patch Tuesday release addressed critical vulnerabilities, including privilege escalation and remote code execution flaws, making it a high-priority security update.
However, breaking backup software on production systems introduces its own class of operational and security risk. A system without a working backup is inherently more vulnerable to ransomware, data loss, and failed recovery scenarios.
Until Microsoft issues an out-of-band patch or a vendor-side workaround becomes available, organizations should carefully assess their risk posture before deciding whether to retain or remove KB5083769.
FAQ
Q1: Does KB5083769 affect all Windows 11 users?
No, the backup failure specifically impacts users of third-party VSS-dependent backup software on Windows 11 24H2 and 25H2; users relying on Microsoft’s cloud-based Backup feature are not affected.
Q2: What is VSS, and why does this matter?
Volume Shadow Copy Service (VSS) is a core Windows component that creates consistent point-in-time data snapshots, and its failure prevents backup software from safely capturing data during live system operation.
Q3: Is it safe to uninstall KB5083769?
Uninstalling removes the security fixes included in the April 2026 patch, temporarily increasing vulnerability exposure, so users should weigh their backup reliability needs against security risk and monitor vendor advisories.
Q4: When will Microsoft release a fix?
As of April 29, 2026, Microsoft has not issued an official statement on the VSS bug, but Acronis and other vendors are actively investigating and tracking the issue to deliver a patch.
Site: https://thecybrdef.com
For more insights and updates, follow us on Google News, Twitter, and LinkedIn.
About the Author
